Technology Lab —

Zero-day attack targets Excel

A new zero-day exploit targeting Microsoft Excel has surfaced, but Microsoft …

Microsoft is cautioning Office customers about a new vulnerability that has been discovered which affects users of Office 2000, Office XP, Office 2003, and Office 2004 for the Mac. The company is warning that the zero-day exploit is using Excel as an attack vector, however, other Office applications may be vulnerable as well.

In order for an attack to occur, a user must first open a maliciously crafted Office document which could then allow an attacker to execute code on that machine. The Microsoft Security Response Center Blog reports that they are aware of very limited, targeted attacks, meaning that only a very small portion of customers are affected.

Microsoft is currently monitoring the issue and has not yet announced if and when the hole will be patched. The only workaround is to use your head—don't open or save files from unknown sources.